Browse Security AI Extensions Collections
Entra Id Master Key Eidmk Chrome extension icon

Entra Id Master Key Eidmk

👥 61 users
📦 v1.0
💾 45.19KiB
📅 2024-01-24
View on Chrome Web Store

Chrome will indicate if you already have this installed.

Overview

EIDMK allows you to bypass Azure and Microsoft Entra ID portal UI restrictions by tricking your client (web browser) to send (legit and allowed by Microsoft) requests to Microsoft endpoints and thus receiving information that, usually, you would not be allowed to access through UI - but you are 100% allowed by Microsoft to access through CLI, Graph API, PowerShell or any other application/method - which is the case of this extension. Meaning that in fact this is not a bypass, but just another way to retrieve data that you ALREADY have access to. Keep in mind that you do not gain any new permissions by using this extension. Your user keeps exactly same roles, privileges and permissions - as documented here: https://learn.microsoft.com/en-us/entra/fundamentals/users-default-permissions

If you are responsible for managing an Entra ID tentant remember that "Using the Restrict access to Microsoft Entra administration portal switch is NOT a security measure."(https://learn.microsoft.com/en-us/entra/fundamentals/users-default-permissions#restrict-member-users-default-permissions).

It works similar to AzureHound by BloodHoundAD, except you don't need to use a terminal for this and can run it directly on your Google Chrome.

In fact, even Microsoft official documentation states that the UI restriction does not restrict anyone, who has access to a tenant, from retrieving the information from Entra ID - find out more on this article, which was written after reporting to Microsoft a strange UI behaviour on Azure portal: https://www.linkedin.com/pulse/microsoft-azure-active-directory-authorization-bypass-vlad-yultyyev/.

This extension may be handy if you are a security professional who needs a quick solution to analyze Microsoft Entra ID tenant.

You need to be a user of particular tenant to view the content of that tenant.

What can you expect to access using this extension?
- Exactly same features/information that you can access through Graph API, CLI or PowerShell
- List all groups that exist on the tenant
- List all users and retrieve their information
- List Application Registrations (names, URI, exposed APIs, roles, secret IDs, etc)
- List Enterprise applications
- List devices (names, operating system version, etc)
- Create new tenants (an active Azure subscription is required for this action. Depending on your organization settings, only Azure AD B2C tenants may be allowed)

Tags

Productivity/developer productivity/developer

Privacy Practices

Not being sold to third parties, outside of the approved use cases
Not being used or transferred for purposes that are unrelated to the item's core functionality
Not being used or transferred to determine creditworthiness or for lending purposes

🔐 Security Analysis

This extension hasn't been security-scanned yet.

Similar Extensions

More in Productivity/developer →

Gofullpage Full Page Scre

10M+ users
Capture a screenshot of your current page in entirety and reliably—without requesting any extra permissions!
Productivity/developer AI

Touchen Pc보안 확장

8M+ users
브라우저에서 라온시큐어의 PC보안 기능을 사용하기 위한 확장 프로그램입니다.
Productivity/developer

React Developer Tools

5M+ users
Adds React debugging tools to the Chrome Developer Tools. Created from revision 3cde211b0c on 10/20/2025.
Productivity/developer